docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-26 15:41:42 +03:00
Code Activity
Files
faf8a0836ef287e434f1d4d8a97203ddb016d445
cli/cmd/docker-trust/docs/reference/trust_key_generate.md
Sebastiaan van Stijn c9bb291154 implement docker trust as plugin 
move the `trust` subcommands to a plugin, so that the subcommands can
be installed separate from the `docker trust` integration in push/pull
(for situations where trust verification happens on the daemon side).

    make binary
    go build -o /usr/libexec/docker/cli-plugins/docker-trust ./cmd/docker-trust

    docker info
    Client:
     Version:    28.2.0-dev
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version:  v0.24.0
        Path:     /usr/libexec/docker/cli-plugins/docker-buildx
      trust: Manage trust on Docker images (Docker Inc.)
        Version:  unknown-version
        Path:     /usr/libexec/docker/cli-plugins/docker-trust

    docker trust --help
    Usage:  docker trust [OPTIONS] COMMAND

    Extended build capabilities with BuildKit

    Options:
      -D, --debug   Enable debug logging

    Management Commands:
      key         Manage keys for signing Docker images
      signer      Manage entities who can sign Docker images

    Commands:
      inspect     Return low-level information about keys and signatures
      revoke      Remove trust for an image
      sign        Sign an image

    Run 'docker trust COMMAND --help' for more information on a command.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-06 15:24:46 +01:00

1.6 KiB
Raw Blame History

trust key generate

Generate and load a signing key-pair

Options

Name Type Default Description
--dir string Directory to generate key in, defaults to current directory

Description

docker trust key generate generates a key-pair to be used with signing, and loads the private key into the local Docker trust keystore.

Examples

Generate a key-pair

$ docker trust key generate alice

Generating key for alice...
Enter passphrase for new alice key with ID 17acf3c:
Repeat passphrase for new alice key with ID 17acf3c:
Successfully generated and loaded private key. Corresponding public key available: alice.pub
$ ls
alice.pub

The private signing key is encrypted by the passphrase and loaded into the Docker trust keystore. All passphrase requests to sign with the key will be referred to by the provided NAME.

The public key component alice.pub will be available in the current working directory, and can be used directly by docker trust signer add.

Provide the --dir argument to specify a directory to generate the key in:

$ docker trust key generate alice --dir /foo

Generating key for alice...
Enter passphrase for new alice key with ID 17acf3c:
Repeat passphrase for new alice key with ID 17acf3c:
Successfully generated and loaded private key. Corresponding public key available: alice.pub
$ ls /foo
alice.pub
View Git Blame Copy Permalink